The Senior Cyber Security and IT Risks Analyst will lead the identification, evaluation, and mitigation of cybersecurity risks for a fast-growing government entity. Reporting to the Head of Cybersecurity and Risk Management, the ideal candidate will bring deep technical expertise, a strong understanding of cybersecurity frameworks, and compliance knowledge aligned with regional regulations and global standards. Prior experience in both banking and public sector environments is preferred.
Key responsibilities:
Risk Management & Governance:
- Lead the identification and assessment of cybersecurity risks across business units, systems, and projects.
- Support the development and continuous improvement of the Cybersecurity Risk Management Framework (CRMF).
- Conduct cybersecurity risk assessments in line with NIST, ISO 27001, NCA EC, ADSIC, and regional IA standards.
- Monitor compliance with local regulatory requirements (e.g., CBUAE, ADGM, DIFC, and TRA guidelines).
- Coordinate with enterprise risk management (ERM) teams to integrate cybersecurity risk into the broader risk profile.
Cybersecurity Operations & Controls:
- Evaluate the effectiveness of technical and administrative controls to mitigate risks.
- Work with SOC and IT teams to analyze threat intelligence, vulnerabilities, and incidents.
- Contribute to the continuous improvement of security controls, detection capabilities, and incident response plans.
Audit & Compliance:
- Act as a key interface for internal/external audits, regulatory inspections, and compliance reviews.
- Ensure the organization maintains evidence of compliance with local and international standards.
- Draft and maintain cybersecurity policies, standards, and procedures.
Stakeholder Engagement:
- Collaborate with stakeholders and business unit leaders to align cybersecurity strategy with business goals.
- Provide subject matter expertise on risk mitigation in digital transformation projects.
- Develop executive-level risk reports and dashboards for senior management and board committees.
Project & Change Risk Advisory:
- Evaluate and advise on cybersecurity risks in projects, particularly in e-government initiatives.
- Perform third-party risk assessments and vendor security due diligence.
Key requirements:
- Willing and able to work in the Emirate of RAK.
- Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree preferred).
- At least 5 years in banking/financial institutions and 3+ years in the public sector (federal/local government or regulator).
- Strong knowledge of cyber risk frameworks (NIST CSF, ISO 27005, FAIR, MITRE ATT&CK).
- Understanding of banking cybersecurity frameworks (SWIFT CSP, PCI-DSS, CB ISSP).
- Understanding of public sector security frameworks such as NESA, ADSIC, or NCA ECC.
- Familiarity with cloud security (AWS, Azure) and data protection laws (e.g., DIFC Data Protection Law, GDPR).
- Strong analytical, communication, and report-writing skills.